package cn.lsh.config;

import java.util.LinkedHashMap;

import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import cn.lsh.web.shiro.AuthRealm;
import cn.lsh.web.shiro.CredentialsMatcher;

/*
 * shiro的配置类
 */
//@Configuration
public class ShiroConfiguation {

	@Bean(name="shiroFilter")
	public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager")SecurityManager manager){
		ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
		bean.setSecurityManager(manager);
		
		//配置登录的url和登录成功的url
		// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面  
		bean.setLoginUrl("/login");//验证没通过都会转到/login
		bean.setSuccessUrl("/home");
		
		//配置访问权限，必需为有序的LinkedHashMap
		LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>();
		//配置过滤器，过滤链定义，从上向下顺序执行，只要匹配中了，就不匹配了,一般将 /**放在最为下边
		filterChainDefinitionMap.put("/jsp/login.jsp*", "anon");//表示可以匿名访问
		filterChainDefinitionMap.put("/loginUser", "anon");
		filterChainDefinitionMap.put("/logout*", "anon");
		filterChainDefinitionMap.put("/jsp/error.jsp*", "anon");
		filterChainDefinitionMap.put("/jsp/index.jsp*", "authc");//表示需要认证才可以访问
		filterChainDefinitionMap.put("/*", "authc");
		//所有url都必须认证通过才可以访问
		filterChainDefinitionMap.put("/**", "authc");
		filterChainDefinitionMap.put("/*.*", "authc");

		bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
		return bean;
	}
	
	//配置核心安全事务管理器
	@Bean(name="securityManager")
	public SecurityManager securitManager(@Qualifier("authRealm")AuthRealm authRealm){
		System.out.println("-----------shiro已经加载-------------");
		
		DefaultWebSecurityManager manager=new DefaultWebSecurityManager();
		manager.setRealm(authRealm);
		return manager;
	}
	
	//配置自定义的权限登录器
	@Bean(name="authRealm")
	public AuthRealm authRealm(@Qualifier("credentialsMatcher")CredentialsMatcher matcher){
		AuthRealm authRealm=new AuthRealm();
		authRealm.setCredentialsMatcher(matcher);
		return authRealm;
	}
	
	//配置自定义的密码比较器
	@Bean(name="credentialsMatcher")
	public CredentialsMatcher credentialsMatcher(){
		return new CredentialsMatcher();
	}
	
	//Shiro生命周期处理器
	@Bean
	public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){
		return new LifecycleBeanPostProcessor();
	}
	
	//DefaultAdvisorAutoProxyCreator实现自动创建Proxy
	@Bean
	public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
		DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator();
		creator.setProxyTargetClass(true);
		return creator;
	}
	
	@Bean
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
			@Qualifier("securityManager")SecurityManager securityManager){
		AuthorizationAttributeSourceAdvisor advisor=new AuthorizationAttributeSourceAdvisor();
		advisor.setSecurityManager(securityManager);
		return advisor;
	}
}
